Jump to content


Photo

Best method of preventing a virut infection ?


  • This topic is locked This topic is locked
17 replies to this topic

#1 khortoom

khortoom

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 12 August 2009 - 09:14 PM

Hi all, my other pc is infected with a win32/virut.NBP virus, after a week of trying with ESET smart security+malwarebytes+unhackme+trojan remover, I am thinking about a clean reformat.

Questions:

This virut doesn't spread to a closed, not rewritable CD ROM if inserted, does it? :huh:
What are the best antispywares and other protection methods in the future to prevent a virut infection? because this thing is the "no coming back door to hell" :bangbang: I'm thinking about a strong set of actions to ensure it doesn't infect me again ? if it doesn't survive the reformat at all.

Thank you.

#2 Maurice Naggar

Maurice Naggar

    Member

  • Developer
  • Pip
  • 9 posts

Posted 13 August 2009 - 10:07 PM

Hello khortoom,

Sorry to read that the pc has Virut. It seems you are well aware of the consequences.
Do read this blog post of Miekienoes about Virut:
http://miekiemoes.bl...s-throwing.html

I highly commend you about deciding to wipe, and then do a clean install of Windows.
Have your Windows o.s. CD/DVD handy, as well as the setup program for your antivirus program.

The windows setup will allow you to delete existing partitions on your HD, repartition and format the drive prior to install. You need to set your pc BIOS to boot from CD/DVD drive, place the Windows setup CD in, and reboot the system to get started.

References for you on clean (new) install of Windows (do NOT even try repair install as that will not clear the infections)
Clean Install Windows by Michael Stevens, MS-MVP
http://www.michaelst...nxpinstall.html

5 steps to help protect your new computer before you go online
http://www.microsoft...anced/xppc.mspx

An antivirus program is a must. And always keep it up-to-date.

Insuring either Windows built-in firewall is on (if you don't use a 3rd-party one, like Online Armor by Tallemu) or a 3rd party firewall is also a must.

Other suggestions (after you have new Windows in place):
Download, install, and keep updated Spyware Blaster (free): http://www.javacools...areblaster.html (all Protections should be enabled at all times)

Get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
See the FAQ page http://mvps.org/winh...02/hostsfaq.htm
That would help to keep your browser away from known spyware/malware sites.

Most important though:
On a regular basis, Make regular backups of your system to removable media: DVD, USB external hard drive, etc.

Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if another disaster hits.
Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.asp

And needless to say, always stay current with Windows Update.
HTH

Edited by Maurice Naggar, 13 August 2009 - 10:12 PM.

Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 khortoom

khortoom

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 14 August 2009 - 05:19 AM

Thank you for the thorough explanation Maurice :thumbup:
Considering wiping the hard drive, would Darik's Boot and Nuke (DBAN) be ok? Dunno if I could use that one too :mellow:
Thank you.

#4 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Administrators
  • PipPipPipPipPip
  • 15,821 posts

Posted 15 September 2009 - 01:45 PM

DBAN is an excellent program, it will securely wipe your HD.
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#5 PinguuU

PinguuU

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 21 September 2009 - 04:05 AM

What are these like?
http://download.cnet...l?tag=pdl-redir
Can't tell if they are shifty or not...

#6 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 20,416 posts

Posted 21 September 2009 - 09:27 AM

Most files on Download.com are okay, but that is not always the case... I do not recommend Ad-Aware any more, but it is safe... Spybot is one of the oldest and most respected, along with SpywareGuard... Hijackthis is our basic tool in the forum, but not recommended for untrained use because you can disable your system if you don't know what you are doing... I am not familiar with SpyCatcherExpress, so I don't know if it is any good... However, if it were an excellent program, it would be used/recommended by many of our helpers and that is not the case... None of them will likely prevent Virut -- good Internet habits and a generally armored computer are the main ways to prevent Virut...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#7 Brent0987

Brent0987

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 31 October 2009 - 12:42 PM

Budfred said:
"good Internet habits and a generally armored computer are the main ways to prevent Virut..."


Hello,

"generally armored computer" Can you be more specific? What are some ways I can achieve this? How can I specifically prevent a Virut infection or any malware infection in Windows?

Regards,
Brent

#8 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 13,457 posts

Posted 31 October 2009 - 03:05 PM

There is no practical way to absolutely guarantee saftey from infection. What you can do though is to minimize risks and lower your chance of infection. Viruses have shipped with vendor supplied media, and there are even cases of infected picture frames shipping.

Infections have many sources, ranging from legitimate sites that have been unknowingly hacked, to infected ads, to sites that shouldn't have been visited in the first place such as pirated software sites and porn sites (if you wonder if you should go to a particular site, you probably shouldn't). Many questionable sites can infect you simply from visiting the site; you don't need to download anything to become infected.

There are many ways to increase your protection.

- Install a HOSTS file like MVPS HOSTS file, and keep it updated.
- Run an antispyware protection program like Windows Defender (it's free).
- Always run an antivirus program and a firewall.
- Keep Windows updated.
- Be careful with flash drives, see this post on USB/flash drive safety.
- Don't click on links or open attachments in e-mail that you weren't expecting, and read your e-mail in text only mode.
- Stay away from P2P software, even with a clean P2P program, their networks are often riddled with malware.
- Keep your other applications updated, there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
- Run a program like Secunia Software Inspector Scan to see what programs do need to be updated.
- To make your browsing more secure, use Firefox with the NoScript and Adblock Plus add-ons.
- And most of all, if something looks questionable, stay away from it. :)

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#9 Brent0987

Brent0987

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 01 November 2009 - 03:40 PM

Hello TheJoker and thank you for replying.

My neighbor had the Virut infection and he finally chose to backup his documents, delete and recreate the partition, format the partition with NTFS and reinstall Windows. At least now he knows he is really clean. He is not sure how he got it as he is always careful in the Internet. I suspect he got it through his Outlook email by accidentally opening an unknown attachment. But the fact is his PC was meticulously maintained. He had all the Windows critical updates, an updated antivirus program, specialty antispyware programs and and an active software firewall and still he was severely infected by malware that was able to penetrate the O/S, write, hook, alter, manipulate and have complete access to the Internet. Are there any other ways to prevent infection other than your advice above? Thank you.

Regards,
Brent

#10 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 13,457 posts

Posted 01 November 2009 - 04:09 PM

Keeping the system up-to-date and being careful online is the best advice. There is no one thing that ill keep you from being infected. It's a combination of good security, and good security practices, to include avoiding of risky sites. Using Firefox and the add-ons I mentioned is a good addition to security. However, security is sometimes a compromise. The best security practices can impede ease of use/user functionality. For instance, you would be more secure without Flash, and no scripting, but that breaks many sites, and needs to be allowed for some essential sites to function.

If I search for updated software at some sites, I need to temporarily allow scripting. There was a recent incident where people were infected from an ad on the New York Times website, an otherwise normally safe site. We can make a system even more secure by prohibiting many functions, or not installing some software, but that decreases what we can do. I ordered a program online last night, so I had to temporarily allow scripting of several sites to allow the purchase to go through. I would have been more secure to not allow scripting, as even sites we normally consider safe can be compromised, but I would have been unable to order my software. So some risk needs to be accepted, or we can't do much of what we would otherwise need to do online.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#11 Brent0987

Brent0987

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 01 November 2009 - 04:53 PM

Hello,

Thank you for your response. Your examples of browser configuration sounds promising. In terms of prevention, I am wondering if creating a separate Windows limited user account and using it exclusively for the Internet would help. I've also heard of Windows Software Restriction Policies (SRP), Data Execution Prevention (DEP) and special virtualization software (or sandbox). Today's malicious code seems pretty sophisticated. Besides following your advice above would any of these other methods work in preventing malware programs from writing to and manipulating the operating system? Thank you.

Regards,
Brent

#12 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 13,457 posts

Posted 01 November 2009 - 09:57 PM

For normal everyday use, a limited rights (standard user) account is always recommended rather than using an administrator account. You could run your browser with virtulization software, like sandboxie, but I'm not familiar with doing that. Maybe someone else can comment on that.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#13 pcspy

pcspy

    Member

  • New Member
  • Pip
  • 1 posts

Posted 15 November 2011 - 08:15 AM

There are many Antivirus software to prevent a virus infection but personally, I don't see any real need for full time protection as long as you use common sense on the Internet.
Don't download anything you are not sure about, don't open any email attachments from anyone you don't know, don't go to any of the 'wrong' websites etc
I have never had a virus on my PC and I use the internet without any active virus protection every day...

#14 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,257 posts

Posted 15 November 2011 - 12:20 PM

That is good advice.

However, any site can be hacked and result in a malicious download. Routine manual scans may detect it but some infections cannot easily be fixed. Prevention is superior to after-the-fact disinfection attempts. I've never been infected either but I run Avast with its eight real-time shields and it has several times correctly blocked sites that appeared fine to me (malicious content verified when I reported possible false positive).

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#15 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 20,416 posts

Posted 15 November 2011 - 11:24 PM

pcspy - Unless you are doing regular scans with a variety of on-demand scanners, you have no way of knowing whether or not your PC has been infected... Are you doing that... For the vast majority of users, following your advice would almost certainly result in significant infection...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#16 Brown

Brown

    Member

  • New Member
  • Pip
  • 1 posts

Posted 17 November 2011 - 10:49 AM

There are many Antivirus software to prevent a virus infection but personally, I don't see any real need for full time protection as long as you use common sense on the Internet.
Don't download anything you are not sure about, don't open any email attachments from anyone you don't know, don't go to any of the 'wrong' websites etc
I have never had a virus on my PC and I use the internet without any active virus protection every day...

Really not a good idea. Nowadays a lot of websites are mass-hacked and infected with malicious iframes and Java drive-by-download exploits. Even if you visit only reputable sites there is still a chance to get hit by some malware. I think it is a must to run some AV on your PC.

#17 crissito

crissito

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 29 October 2012 - 04:26 AM

Hi there! I`m not really good at PC security but from my previous experience I can say that the best way to protect your information and computer is to follow some steps:
1. find a reliable and genuine AV tool. Make sure it is genuine and will really protect your computer without letting more malicious intruders in it. This tool has to be downloaded from a reliable page
2. Scan your PC with this tool regularly, the best option is to schedule regular automatic scans of your system
3. Forget about visiting insecure and unknown web pages
4. Never download illegal programs, unknown software updates or suspicious video codecs. They often turn out to be created by hackers or to hide computer infections
5. Do not click on suspicious online adds and popping messages, they can take you to compromised web pages or transfer scam software straight away to your PC

I think these steps do a pretty good work, hope they will help someone. I really try to stick to them and now I have fewer problems with my PC.
Keep your head up!

#18 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,257 posts

Posted 29 October 2012 - 11:30 AM

Hello crissito.

Please note that you have replied to a very old thread which has pretty well covered the subject. In particular the posts above by TheJoker here and here are still well worth reading.

Your own advice is sound as far as it goes.

1. find a reliable and genuine AV tool. Make sure it is genuine and will really protect your computer without letting more malicious intruders in it. This tool has to be downloaded from a reliable page

It should provide realtime protection as well as on demand scanning. There is no need to spend money as Microsoft Security Essentials or the free version of Avast are excellent. Always get the AV from the official source.

You need a firewall. Windows 7 has a good one, which should be enabled. For XP users, we recommend Comodo Firewall Free

Since even a careful surfer can get infected - perhaps you let someone else use your PC? - it is a good idea to enable System Restore. Configure enough space so that you can have Restore Points available from at least two days back.

I am closing this topic as its subject is the Virut infection, which often requires a reformat and reinstall. The general subject of protection is covered in another old thread Stopping Viruses, Worms and Trojan Horses.

We usually prefer that people start a new topic if they have something new to add about a topic started years ago. The new topic can have link(s) to the old one.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE





2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button